> Coccinelle (http://coccinelle.lip6.fr/) is a program matching and

> transformation engine which provides the > language SmPL (Semantic Patch

> Language) for specifying desired matches and > transformations in C code.

.cocci files in this directory are copied (and some adapted) from

http://coccinelle.lip6.fr/rules/. the pkg directory contains .cocci

fileswritten for pkg.

Installation

============

port:

    # make -C /usr/ports/devel/coccinelle install clean

package:

    # pkg install coccinelle

Usage

=====

From the pkg's source root:

    % spatch -I /usr/include -I /usr/local/include -I -I libpkg -I pkg \

        external/expat/lib -I external/libyaml/include \

        -I external/libucl/include -I external/uthash \

        -dir pkg -dir libpkg -in_place \

        -sp_file ./tests/cocci/$TESTFILE.cocci

// The right argument of || or && is dereferencing something known to be NULL

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/andand.html

// Options:

@ expression@

expression E;

identifier fld;

@@

- !E &&

+ !E ||

  <+...E->fld...+>

@ expression@

expression E;

identifier fld;

@@

- E ||

+ E &&

  <+...E->fld...+>

// Two comparisons of the same expression to different constants,

// connected by a conjunction

// Confidence: Moderate

// Copyright: (C) Diego Liziero

// URL: http://coccinelle.lip6.fr/rules/andconst.html

// Options:

@@ identifier i; constant C1,C2; @@

(

- i == C1 && i == C2

+ i == C1 || i == C2

)

@@ identifier i; constant C1,C2; @@

(

- i != C1 || i != C2

+ i != C1 && i != C2

)

// A pointer should not be compared to zero

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/badzero.html

// Options:

@ disable is_zero,isnt_zero @

expression *E;

expression E1,f;

@@

E = f(...)

<...

(

- E == 0

+ !E    

|

- E != 0

+ E

|

- 0 == E

+ !E

|

- 0 != E

+ E

)

...>

?E = E1

@ disable is_zero,isnt_zero @

expression *E;

@@

(

  E == 

- 0

+ NULL  

|

  E !=

- 0

+ NULL  

|

- 0

+ NULL

  == E

|

- 0

+ NULL

  != E

)

// Continue at the end of a for loop has no purpose

//

// Confidence: Moderate

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/continue.html

// Options:

@@

position p;

@@

for (...;...;...) {

   ...

   if (...) {

     ...

-   continue;

   }

}

@@

position p;

@@

while (...) {

   ...

   if (...) {

     ...

-   continue;

   }

}

// A variable that is declared as unsigned should not be tested to be less than

// zero.

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/find_unsigned.html

// Options: -all_includes

@u@ type T; unsigned T i; position p; @@

 i@p < 0

@script:python@

p << u.p;

i << u.i;

@@

print "* file: %s signed reference to unsigned %s on line %s" % (p[0].file,i,p[0].line)

/// sizeof when applied to a pointer typed expression gives the size of

/// the pointer

///

// Confidence: High

// Copyright: (C) 2012 Julia Lawall, INRIA/LIP6.  GPLv2.

// Copyright: (C) 2012 Gilles Muller, INRIA/LiP6.  GPLv2.

// URL: http://coccinelle.lip6.fr/

// Comments:

// Options: -no_includes -include_headers

virtual org

virtual report

virtual context

virtual patch

@depends on patch@

expression *x;

expression f;

type T;

@@

(

x = <+... sizeof(

- x

+ *x

   ) ...+>

|

f(...,(T)(x),...,sizeof(

- x

+ *x

   ),...)

|

f(...,sizeof(x),...,(T)(

- x

+ *x

   ),...)

)

@r depends on !patch@

expression *x;

expression f;

position p;

type T;

@@

(

*x = <+... sizeof@p(x) ...+>

|

*f(...,(T)(x),...,sizeof@p(x),...)

|

*f(...,sizeof@p(x),...,(T)(x),...)

)

@script:python depends on org@

p << r.p;

@@

cocci.print_main("application of sizeof to pointer",p)

@script:python depends on report@

p << r.p;

@@

msg = "ERROR: application of sizeof to pointer"

coccilib.report.print_report(p[0],msg)

// !x&y combines boolean negation with bitwise and

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/notand.html

// Options:

@@ expression E; constant C; @@

(

  !E & !C

|

- !E & C

+ !(E & C)

)

// this detects NULL tests that can only be reached when the value is known 

// not to be NULL

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/notnull.html

// Options:

@r exists@

local idexpression x;

expression E;

position p1,p2;

@@

if (x@p1 == NULL || ...) { ... when forall

   return ...; }

... when != \(x=E\|x--\|x++\|--x\|++x\|x-=E\|x+=E\|x|=E\|x&=E\)

    when != &x

(

x@p2 == NULL

|

x@p2 != NULL

)

// another path to the test that is not through p1?

@s exists@

local idexpression r.x;

position r.p1,r.p2;

@@

... when != x@p1

(

x@p2 == NULL

|

x@p2 != NULL

)

// another path to the test from p1?

@t exists@

local idexpression x;

position r.p1,r.p2;

@@

if (x@p1 == NULL || ...) { ... x@p2 ... when any

   return ...; }

// another path to the test containing an assignment?

@u exists@

local idexpression x;

expression E;

position r.p1,r.p2;

@@

if (x@p1 == NULL || ...) { ... when forall

   return ...; }

 ...

 \(x=E\|x--\|x++\|--x\|++x\|x-=E\|x+=E\|x|=E\|x&=E\|&x\)

 ...  when != x@p1

      when any

(

x@p2 == NULL

|

x@p2 != NULL

)

@fix depends on !s && !t && !u@

position r.p2;

expression x,E;

statement S1,S2;

@@

(

- if ((x@p2 != NULL) || ...)

  S1

|

- if ((x@p2 != NULL) || ...)

  S1

- else S2

|

- (x@p2 != NULL) && E

+ E

|

- (x@p2 == NULL) || E

+ E

|

- if ((x@p2 == NULL) && ...) S1

|

- if ((x@p2 == NULL) && ...) S1 else

  S2

|

- BUG_ON(x@p2 == NULL);

)

@script:python depends on !s && !t && !u && !fix@

p1 << r.p1;

p2 << r.p2;

@@

cocci.print_main("",p1)

cocci.print_secs("retest",p2)

// find cases where a pointer is dereferenced and then compared to NULL

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/null_ref.html

// Options:

@match exists@

expression x, E,E1;

identifier fld;

position p1,p2;

@@

(

x = E;

... when != \(x = E1\|&x\)

x@p2 == NULL

... when any

|

x = E

... when != \(x = E1\|&x\)

x@p2 == NULL

... when any

|

x != NULL && (<+...x->fld...+>)

|

x == NULL || (<+...x->fld...+>)

|

x != NULL ? (<+...x->fld...+>) : E

|

&x->fld

|

x@p1->fld

... when != \(x = E\|&x\)

x@p2 == NULL

... when any

)

@other_match exists@

expression match.x, E1, E2;

position match.p1,match.p2;

@@

(

x = E1

|

&x

)

... when != \(x = E2\|&x\)

    when != x@p1

x@p2

@other_match1 exists@

expression match.x, E2;

position match.p1,match.p2;

@@

... when != \(x = E2\|&x\)

    when != x@p1

x@p2

@ script:python depends on !other_match && !other_match1@

p1 << match.p1;

p2 << match.p2;

@@

cocci.print_main("",p1)

cocci.print_sec("NULL test",p2)

// Use the macro NELEM when possible.

// based on: http://coccinelle.lip6.fr/rules/array.html

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/array.html

// Options: -I ... -all_includes can give more complete results

@@

type T;

T[] E;

@@

- (sizeof(E)/sizeof(*E))

+ NELEM(E)

@@

type T;

T[] E;

@@

- (sizeof(E)/sizeof(E[...]))

+ NELEM(E)

@@

type T;

T[] E;

@@

- (sizeof(E)/sizeof(T))

+ NELEM(E)

// An malloc(3) is not matched by an free(3) before an error return.

//

// This file has been modified for pkgng, in particular the `when' conditions

// are to be adapted when needed.

//

// Confidence: Moderate

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/alloc_free.html

// Options:

@r exists@

local idexpression n;

statement S1,S2;

expression E, E1;

expression *ptr != NULL;

type T;

position p1,p2;

@@

(

if ((n = malloc@p1(...)) == NULL) S1

|

n = malloc@p1(...)

)

... when != free((T)n)

    when != if (...) { <+... free((T)n) ...+> } else S2

    when != true n == NULL  || ...

    when != n = (T)E

    when != E = (T)n

    when != HASH_ADD_INT(E, E1, n)

    when != HASH_ADD_STR(E, E1, n)

    when != HASH_ADD_INO(E, E1, n)

    when != LL_APPEND(E, n)

(

  return \(0\|<+...n...+>\|ptr\);

|

return@p2 ...;

)

@script:python@

p1 << r.p1;

p2 << r.p2;

@@

cocci.print_main("",p1)

cocci.print_sec("return",p2)

// strlcat(3) is meant to be checked for returned value.

//

// Confidence: High

// Copyright: (C) The pkgng project, see COPYING.

// URL: https://github.com/freebsd/pkg/tree/master/tests/cocci/pkg/strlcat.cocci

@@

expression E, E1, S;

@@

- strlcat(E, E1, S);

+ assert(strlcat(E, E1, S) < S)/* FIXME: strlcat.cocci */;

// strlcpy(3) is meant to be checked for returned value.

//

// Confidence: High

// Copyright: (C) The pkgng project, see COPYING.

// URL: https://github.com/freebsd/pkg/tree/master/tests/cocci/pkg/strlcpy.cocci

@@

expression E, E1, S;

@@

- strlcpy(E, E1, S);

+ assert(strlcpy(E, E1, S) < S)/* FIXME: strlcpy.cocci */;

// Unchecked malloc(3), calloc(3) and realloc(3) calls.

//

// XXX: there is still a lot of work to be done here as it does not yet catch

// all.

//

// Confidence: Low

// Copyright: (C) The pkgng project, see COPYING.

// URL: https://github.com/freebsd/pkg/tree/master/tests/cocci/pkg/strlcat.cocci

@@

local idexpression n;

expression E;

@@

- n = malloc(E);

+ assert(n = malloc(E)) /* FIXME: unchecked_malloc.cocci */;

... when != (n == NULL)

    when != (n != NULL)

@@

local idexpression n;

expression E, E1;

@@

- n = calloc(E, E1);

+ assert(n = calloc(E, E1)) /* FIXME: unchecked_malloc.cocci */;

... when != (n == NULL)

    when != (n != NULL)

@@

local idexpression n;

expression E, E1;

@@

- n = realloc(E, E1);

+ assert(n = realloc(E, E1)) /* FIXME: unchecked_malloc.cocci */;

... when != (n == NULL)

    when != (n != NULL)

@@

local idexpression n;

expression E;

@@

- n = strdup(E);

+ assert(n = strdup(E)) /* FIXME: unchecked_malloc.cocci */;

... when != (n == NULL)

    when != (n != NULL)

// Applying sizeof to the result of sizeof makes no sense

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/sizeof.html

// Options:

@@

expression E;

@@

- sizeof (

  sizeof (E)

- )

@@

type T;

@@

- sizeof (

  sizeof (T)

- )

// A variable is only initialized to a constant and is never used otherwise

//

// Confidence: High

// Copyright: (C) Gilles Muller, Julia Lawall, EMN, INRIA, DIKU.  GPLv2.

// URL: http://coccinelle.lip6.fr/rules/unused.html

// Options:

@e@

identifier i;

position p;

type T;

@@

extern T i@p;

@@

type T;

identifier i;

constant C;

position p != e.p;

@@

- T i@p;

  <+... when != i

- i = C;

  ...+>